Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IvantiEndpoint Manager2022

75 matches found

CVE
CVEadded 2024/11/12 4:15 p.m.40 views

CVE-2024-50324

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2CVSS7.2AI score0.38906EPSS
CVE
CVEadded 2024/11/12 4:15 p.m.40 views

CVE-2024-50326

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2CVSS7.5AI score0.26671EPSS
CVE
CVEadded 2024/11/12 4:15 p.m.40 views

CVE-2024-50328

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2CVSS7.5AI score0.15173EPSS
CVE
CVEadded 2024/09/10 9:15 p.m.40 views

CVE-2024-8441

An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

6.7CVSS6.5AI score0.00266EPSS
CVE
CVEadded 2025/01/14 6:15 p.m.39 views

CVE-2024-13163

Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

7.8CVSS7.8AI score0.01108EPSS
CVE
CVEadded 2024/11/12 4:15 p.m.39 views

CVE-2024-50322

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.

7.8CVSS7.8AI score0.00179EPSS
CVE
CVEadded 2023/10/18 4:15 a.m.38 views

CVE-2023-35084

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.

9.8CVSS9.6AI score0.01627EPSS
CVE
CVEadded 2023/09/21 9:15 p.m.38 views

CVE-2023-38343

An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.

7.5CVSS7.4AI score0.00464EPSS
CVE
CVEadded 2025/01/14 6:15 p.m.38 views

CVE-2024-13166

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.2AI score0.01745EPSS
CVE
CVEadded 2024/05/31 6:15 p.m.37 views

CVE-2024-29825

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

9.6CVSS9AI score0.01329EPSS
CVE
CVEadded 2025/01/14 6:15 p.m.36 views

CVE-2024-13164

An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.

7.8CVSS6.8AI score0.00113EPSS
CVE
CVEadded 2024/05/31 6:15 p.m.36 views

CVE-2024-29827

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

9.6CVSS9AI score0.0029EPSS
CVE
CVEadded 2024/09/10 9:15 p.m.36 views

CVE-2024-8322

Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.

8.8CVSS4.6AI score0.00621EPSS
CVE
CVEadded 2024/09/10 9:15 p.m.35 views

CVE-2024-8321

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.

8.6CVSS7.4AI score0.00186EPSS
CVE
CVEadded 2024/11/12 4:15 p.m.34 views

CVE-2024-50323

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.

7.8CVSS8.1AI score0.00354EPSS
CVE
CVEadded 2025/01/14 6:15 p.m.33 views

CVE-2024-13168

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.2AI score0.01745EPSS
CVE
CVEadded 2025/01/14 6:15 p.m.33 views

CVE-2024-13170

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.2AI score0.01745EPSS
CVE
CVEadded 2024/05/31 6:15 p.m.32 views

CVE-2024-29830

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

8.4CVSS8.7AI score0.00137EPSS
CVE
CVEadded 2024/05/31 6:15 p.m.31 views

CVE-2024-29828

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

8.4CVSS8.7AI score0.00137EPSS
CVE
CVEadded 2024/05/31 6:15 p.m.31 views

CVE-2024-29846

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

8.4CVSS8.7AI score0.00137EPSS
CVE
CVEadded 2024/05/31 6:15 p.m.29 views

CVE-2024-29829

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

8.4CVSS8.7AI score0.00137EPSS
CVE
CVEadded 2023/07/01 12:15 a.m.27 views

CVE-2023-28323

A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepp...

9.8CVSS9.7AI score0.02582EPSS
CVE
CVEadded 2025/07/08 3:15 p.m.10 views

CVE-2025-7037

SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database

7.2CVSS7.8AI score0.00085EPSS
CVE
CVEadded 2025/07/08 3:15 p.m.8 views

CVE-2025-6995

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.

8.4CVSS6.7AI score0.00027EPSS
CVE
CVEadded 2025/07/08 3:15 p.m.8 views

CVE-2025-6996

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.

8.4CVSS6.7AI score0.00027EPSS
Total number of security vulnerabilities75